db788d21ccdae78b23d2e18a3252545fba4b2fb661d70ac82ef80bd2ba05e05e

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0082b69361de12fae94eece75ba5b370N.exe
Size

468KB
MD5

0082b69361de12fae94eece75ba5b370
SHA1

7cd7539ee43352ded95df38a256f128eb854c27e
SHA256

db788d21ccdae78b23d2e18a3252545fba4b2fb661d70ac82ef80bd2ba05e05e
SHA512

5a537a078e6e53914bab95dc2c28e3c0e1a4f4389442e9c6a318e1c845c1dc96d9d7ad822cec8d56598a9a59b881aa2363d154a653e2ec78c73bb47ba0252e09
SSDEEP

3072:1G3oogISIM5TtbY2HncOcf8/vChaP0p2JVHeT/PMQ7PLbKvgcElb:1GYobkTtxHcOcfSYHIQ7zuvgc

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2812	Unicorn-5267.exe
2704	Unicorn-7057.exe
2652	Unicorn-22839.exe
2532	Unicorn-48578.exe
2608	Unicorn-56746.exe
3016	Unicorn-36880.exe
1120	Unicorn-58784.exe
3008	Unicorn-52792.exe
2384	Unicorn-9713.exe
2124	Unicorn-28096.exe
2252	Unicorn-36264.exe
276	Unicorn-16398.exe
712	Unicorn-12838.exe
2772	Unicorn-58775.exe
988	Unicorn-13103.exe
2360	Unicorn-62195.exe
1736	Unicorn-54582.exe
2180	Unicorn-26783.exe
2152	Unicorn-38578.exe
784	Unicorn-5978.exe
2448	Unicorn-18231.exe
1548	Unicorn-14701.exe
1700	Unicorn-38651.exe
1228	Unicorn-18785.exe
2672	Unicorn-42735.exe
2984	Unicorn-43289.exe
620	Unicorn-940.exe
2072	Unicorn-9870.exe
2020	Unicorn-15992.exe
2032	Unicorn-32328.exe
792	Unicorn-7561.exe
2744	Unicorn-12200.exe
1524	Unicorn-44318.exe
2740	Unicorn-1239.exe
2928	Unicorn-7369.exe
2788	Unicorn-65293.exe
2836	Unicorn-40042.exe
2588	Unicorn-43364.exe
2552	Unicorn-3093.exe
2420	Unicorn-3648.exe
1716	Unicorn-27598.exe
2880	Unicorn-40404.exe
1876	Unicorn-60078.exe
2376	Unicorn-2792.exe
536	Unicorn-42863.exe
1064	Unicorn-64800.exe
780	Unicorn-45671.exe
1660	Unicorn-51801.exe
1968	Unicorn-63788.exe
2156	Unicorn-64608.exe
2168	Unicorn-35273.exe
1908	Unicorn-15931.exe
1468	Unicorn-10066.exe
2456	Unicorn-16197.exe
2092	Unicorn-61868.exe
1936	Unicorn-34570.exe
2356	Unicorn-32594.exe
2016	Unicorn-46330.exe
2176	Unicorn-60628.exe
588	Unicorn-52460.exe
2452	Unicorn-61183.exe
2056	Unicorn-52268.exe
2248	Unicorn-60436.exe
1632	Unicorn-31145.exe

Loads dropped DLL 64 IoCs

pid	Process
2684	0082b69361de12fae94eece75ba5b370N.exe
2684	0082b69361de12fae94eece75ba5b370N.exe
2812	Unicorn-5267.exe
2684	0082b69361de12fae94eece75ba5b370N.exe
2684	0082b69361de12fae94eece75ba5b370N.exe
2812	Unicorn-5267.exe
2652	Unicorn-22839.exe
2652	Unicorn-22839.exe
2704	Unicorn-7057.exe
2704	Unicorn-7057.exe
2812	Unicorn-5267.exe
2812	Unicorn-5267.exe
2684	0082b69361de12fae94eece75ba5b370N.exe
2684	0082b69361de12fae94eece75ba5b370N.exe
3016	Unicorn-36880.exe
3016	Unicorn-36880.exe
2812	Unicorn-5267.exe
2812	Unicorn-5267.exe
2532	Unicorn-48578.exe
2532	Unicorn-48578.exe
2652	Unicorn-22839.exe
1120	Unicorn-58784.exe
2652	Unicorn-22839.exe
1120	Unicorn-58784.exe
2684	0082b69361de12fae94eece75ba5b370N.exe
2704	Unicorn-7057.exe
2684	0082b69361de12fae94eece75ba5b370N.exe
2704	Unicorn-7057.exe
2608	Unicorn-56746.exe
2608	Unicorn-56746.exe
3008	Unicorn-52792.exe
3008	Unicorn-52792.exe
3016	Unicorn-36880.exe
3016	Unicorn-36880.exe
2384	Unicorn-9713.exe
2384	Unicorn-9713.exe
2812	Unicorn-5267.exe
2812	Unicorn-5267.exe
2124	Unicorn-28096.exe
2124	Unicorn-28096.exe
988	Unicorn-13103.exe
988	Unicorn-13103.exe
2532	Unicorn-48578.exe
2532	Unicorn-48578.exe
712	Unicorn-12838.exe
712	Unicorn-12838.exe
2608	Unicorn-56746.exe
2608	Unicorn-56746.exe
2252	Unicorn-36264.exe
2252	Unicorn-36264.exe
1120	Unicorn-58784.exe
1120	Unicorn-58784.exe
2684	0082b69361de12fae94eece75ba5b370N.exe
2684	0082b69361de12fae94eece75ba5b370N.exe
2772	Unicorn-58775.exe
2772	Unicorn-58775.exe
2652	Unicorn-22839.exe
2652	Unicorn-22839.exe
984	WerFault.exe
984	WerFault.exe
984	WerFault.exe
984	WerFault.exe
2704	Unicorn-7057.exe
2704	Unicorn-7057.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
984	276	WerFault.exe	41
2776	1548	WerFault.exe	52
600	2672	WerFault.exe	55
2948	1228	WerFault.exe	54
2944	2020	WerFault.exe	60
1704	1736	WerFault.exe	47
1672	2744	WerFault.exe	63
2508	1524	WerFault.exe	64
1848	2836	WerFault.exe	68
1880	640	WerFault.exe	107
1508	2156	WerFault.exe	84
320	1716	WerFault.exe	72
1608	2460	WerFault.exe	124
1916	2176	WerFault.exe	96
2760	2000	WerFault.exe	110
3040	2788	WerFault.exe	67
3084	1904	WerFault.exe	130
3284	2552	WerFault.exe	70
3380	2920	WerFault.exe	125
3364	2400	WerFault.exe	111
3356	2108	WerFault.exe	117
3388	1252	WerFault.exe	114
3836	2568	WerFault.exe	126
3900	2916	WerFault.exe	143
4044	2016	WerFault.exe	94
3272	1016	WerFault.exe	137
3296	2032	WerFault.exe	61
3320	2376	WerFault.exe	75
3344	1480	WerFault.exe	142
3632	2252	WerFault.exe	42
3860	2924	WerFault.exe	139
3208	2988	WerFault.exe	146
3756	1496	WerFault.exe	156
3744	3000	WerFault.exe	167
3164	2248	WerFault.exe	102
4484	2056	WerFault.exe	100
5004	1792	WerFault.exe	160
4144	2584	WerFault.exe	128
4232	2868	WerFault.exe	127
4192	1460	WerFault.exe	121
4180	2564	WerFault.exe	106
4376	1052	WerFault.exe	129
4352	2348	WerFault.exe	131
4312	1936	WerFault.exe	91
4844	2512	WerFault.exe	135
4164	2592	WerFault.exe	120
4472	1216	WerFault.exe	145
4464	2464	WerFault.exe	152
944	1536	WerFault.exe	119
5076	2044	WerFault.exe	147
5256	2336	WerFault.exe	154
5440	444	WerFault.exe	136
5452	1928	WerFault.exe	132
5504	940	WerFault.exe	159
5496	2928	WerFault.exe	65
5480	2588	WerFault.exe	69
5472	2420	WerFault.exe	71
5512	2740	WerFault.exe	66
5528	2228	WerFault.exe	109
5828	2452	WerFault.exe	99
5928	2628	WerFault.exe	118
5936	2124	WerFault.exe	40
5980	620	WerFault.exe	57
5968	2880	WerFault.exe	73

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47878.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2684	0082b69361de12fae94eece75ba5b370N.exe
2812	Unicorn-5267.exe
2652	Unicorn-22839.exe
2704	Unicorn-7057.exe
3016	Unicorn-36880.exe
2608	Unicorn-56746.exe
2532	Unicorn-48578.exe
1120	Unicorn-58784.exe
3008	Unicorn-52792.exe
2384	Unicorn-9713.exe
2124	Unicorn-28096.exe
2252	Unicorn-36264.exe
2772	Unicorn-58775.exe
712	Unicorn-12838.exe
276	Unicorn-16398.exe
988	Unicorn-13103.exe
2360	Unicorn-62195.exe
1736	Unicorn-54582.exe
2180	Unicorn-26783.exe
2152	Unicorn-38578.exe
784	Unicorn-5978.exe
2448	Unicorn-18231.exe
1700	Unicorn-38651.exe
1548	Unicorn-14701.exe
1228	Unicorn-18785.exe
2984	Unicorn-43289.exe
2072	Unicorn-9870.exe
2672	Unicorn-42735.exe
620	Unicorn-940.exe
2020	Unicorn-15992.exe
2032	Unicorn-32328.exe
792	Unicorn-7561.exe
2744	Unicorn-12200.exe
1524	Unicorn-44318.exe
2928	Unicorn-7369.exe
2740	Unicorn-1239.exe
2788	Unicorn-65293.exe
2836	Unicorn-40042.exe
2588	Unicorn-43364.exe
2552	Unicorn-3093.exe
1716	Unicorn-27598.exe
2420	Unicorn-3648.exe
2880	Unicorn-40404.exe
1876	Unicorn-60078.exe
536	Unicorn-42863.exe
1660	Unicorn-51801.exe
1064	Unicorn-64800.exe
2376	Unicorn-2792.exe
780	Unicorn-45671.exe
1968	Unicorn-63788.exe
2168	Unicorn-35273.exe
2156	Unicorn-64608.exe
1468	Unicorn-10066.exe
1908	Unicorn-15931.exe
2092	Unicorn-61868.exe
2456	Unicorn-16197.exe
1936	Unicorn-34570.exe
2356	Unicorn-32594.exe
2016	Unicorn-46330.exe
2176	Unicorn-60628.exe
588	Unicorn-52460.exe
2452	Unicorn-61183.exe
2056	Unicorn-52268.exe
2248	Unicorn-60436.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2812	2684	0082b69361de12fae94eece75ba5b370N.exe	31
PID 2684 wrote to memory of 2812	2684	0082b69361de12fae94eece75ba5b370N.exe	31
PID 2684 wrote to memory of 2812	2684	0082b69361de12fae94eece75ba5b370N.exe	31
PID 2684 wrote to memory of 2812	2684	0082b69361de12fae94eece75ba5b370N.exe	31
PID 2684 wrote to memory of 2704	2684	0082b69361de12fae94eece75ba5b370N.exe	33
PID 2684 wrote to memory of 2704	2684	0082b69361de12fae94eece75ba5b370N.exe	33
PID 2684 wrote to memory of 2704	2684	0082b69361de12fae94eece75ba5b370N.exe	33
PID 2684 wrote to memory of 2704	2684	0082b69361de12fae94eece75ba5b370N.exe	33
PID 2812 wrote to memory of 2652	2812	Unicorn-5267.exe	32
PID 2812 wrote to memory of 2652	2812	Unicorn-5267.exe	32
PID 2812 wrote to memory of 2652	2812	Unicorn-5267.exe	32
PID 2812 wrote to memory of 2652	2812	Unicorn-5267.exe	32
PID 2652 wrote to memory of 2532	2652	Unicorn-22839.exe	34
PID 2652 wrote to memory of 2532	2652	Unicorn-22839.exe	34
PID 2652 wrote to memory of 2532	2652	Unicorn-22839.exe	34
PID 2652 wrote to memory of 2532	2652	Unicorn-22839.exe	34
PID 2704 wrote to memory of 2608	2704	Unicorn-7057.exe	35
PID 2704 wrote to memory of 2608	2704	Unicorn-7057.exe	35
PID 2704 wrote to memory of 2608	2704	Unicorn-7057.exe	35
PID 2704 wrote to memory of 2608	2704	Unicorn-7057.exe	35
PID 2812 wrote to memory of 3016	2812	Unicorn-5267.exe	36
PID 2812 wrote to memory of 3016	2812	Unicorn-5267.exe	36
PID 2812 wrote to memory of 3016	2812	Unicorn-5267.exe	36
PID 2812 wrote to memory of 3016	2812	Unicorn-5267.exe	36
PID 2684 wrote to memory of 1120	2684	0082b69361de12fae94eece75ba5b370N.exe	37
PID 2684 wrote to memory of 1120	2684	0082b69361de12fae94eece75ba5b370N.exe	37
PID 2684 wrote to memory of 1120	2684	0082b69361de12fae94eece75ba5b370N.exe	37
PID 2684 wrote to memory of 1120	2684	0082b69361de12fae94eece75ba5b370N.exe	37
PID 3016 wrote to memory of 3008	3016	Unicorn-36880.exe	38
PID 3016 wrote to memory of 3008	3016	Unicorn-36880.exe	38
PID 3016 wrote to memory of 3008	3016	Unicorn-36880.exe	38
PID 3016 wrote to memory of 3008	3016	Unicorn-36880.exe	38
PID 2812 wrote to memory of 2384	2812	Unicorn-5267.exe	39
PID 2812 wrote to memory of 2384	2812	Unicorn-5267.exe	39
PID 2812 wrote to memory of 2384	2812	Unicorn-5267.exe	39
PID 2812 wrote to memory of 2384	2812	Unicorn-5267.exe	39
PID 2532 wrote to memory of 2124	2532	Unicorn-48578.exe	40
PID 2532 wrote to memory of 2124	2532	Unicorn-48578.exe	40
PID 2532 wrote to memory of 2124	2532	Unicorn-48578.exe	40
PID 2532 wrote to memory of 2124	2532	Unicorn-48578.exe	40
PID 2652 wrote to memory of 276	2652	Unicorn-22839.exe	41
PID 2652 wrote to memory of 276	2652	Unicorn-22839.exe	41
PID 2652 wrote to memory of 276	2652	Unicorn-22839.exe	41
PID 2652 wrote to memory of 276	2652	Unicorn-22839.exe	41
PID 1120 wrote to memory of 2252	1120	Unicorn-58784.exe	42
PID 1120 wrote to memory of 2252	1120	Unicorn-58784.exe	42
PID 1120 wrote to memory of 2252	1120	Unicorn-58784.exe	42
PID 1120 wrote to memory of 2252	1120	Unicorn-58784.exe	42
PID 2684 wrote to memory of 712	2684	0082b69361de12fae94eece75ba5b370N.exe	43
PID 2684 wrote to memory of 712	2684	0082b69361de12fae94eece75ba5b370N.exe	43
PID 2684 wrote to memory of 712	2684	0082b69361de12fae94eece75ba5b370N.exe	43
PID 2684 wrote to memory of 712	2684	0082b69361de12fae94eece75ba5b370N.exe	43
PID 2704 wrote to memory of 2772	2704	Unicorn-7057.exe	44
PID 2704 wrote to memory of 2772	2704	Unicorn-7057.exe	44
PID 2704 wrote to memory of 2772	2704	Unicorn-7057.exe	44
PID 2704 wrote to memory of 2772	2704	Unicorn-7057.exe	44
PID 2608 wrote to memory of 988	2608	Unicorn-56746.exe	45
PID 2608 wrote to memory of 988	2608	Unicorn-56746.exe	45
PID 2608 wrote to memory of 988	2608	Unicorn-56746.exe	45
PID 2608 wrote to memory of 988	2608	Unicorn-56746.exe	45
PID 3008 wrote to memory of 2360	3008	Unicorn-52792.exe	46
PID 3008 wrote to memory of 2360	3008	Unicorn-52792.exe	46
PID 3008 wrote to memory of 2360	3008	Unicorn-52792.exe	46
PID 3008 wrote to memory of 2360	3008	Unicorn-52792.exe	46

C:\Users\Admin\AppData\Local\Temp\0082b69361de12fae94eece75ba5b370N.exe
"C:\Users\Admin\AppData\Local\Temp\0082b69361de12fae94eece75ba5b370N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5267.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5267.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        8⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 244
        9⤵
        Program crash
        
        PID:3364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        8⤵
        Program crash
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        9⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 248
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        8⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 248
        8⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        8⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        8⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 224
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
        7⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        7⤵
        
        PID:640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 240
        8⤵
        Program crash
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        7⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
        9⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 224
        9⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
        8⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 240
        8⤵
        Program crash
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
        8⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 248
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-213.exe
        7⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 244
        7⤵
        Program crash
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 244
        7⤵
        Program crash
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe
        6⤵
        
        PID:4656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 248
        6⤵
        Program crash
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 244
        6⤵
        Program crash
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe
        7⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 248
        7⤵
        Program crash
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        6⤵
        
        PID:4272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 248
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        6⤵
        
        PID:3920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 228
        6⤵
        Program crash
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        5⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
        5⤵
        
        PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 244
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 220
        5⤵
        Program crash
        
        PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
        5⤵
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55085.exe
        7⤵
        
        PID:8444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 248
        6⤵
        Program crash
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        5⤵
        
        PID:4028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 224
        6⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
        5⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe
        5⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
        5⤵
        
        PID:7804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 244
        5⤵
        
        PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12476.exe
      4⤵
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
        6⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        5⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
        5⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        5⤵
        
        PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
      4⤵
      PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
      4⤵
      PID:5276
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 244
      4⤵
      PID:6924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        8⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        9⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 220
        9⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49242.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
        8⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        7⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        8⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        7⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        7⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 228
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
        7⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        6⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16047.exe
        7⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 228
        7⤵
        Program crash
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35434.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        6⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 248
        6⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 244
        6⤵
        Program crash
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        6⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        7⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 244
        7⤵
        
        PID:8268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
        6⤵
        Program crash
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50737.exe
        5⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
        6⤵
        
        PID:3964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 248
        6⤵
        Program crash
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        5⤵
        
        PID:4388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44318.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 244
        6⤵
        Program crash
        
        PID:2508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 248
        5⤵
        Program crash
        
        PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        5⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        7⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
        7⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe
        7⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        6⤵
        
        PID:4108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 244
        6⤵
        Program crash
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19735.exe
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
        6⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe
        6⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
        5⤵
        
        PID:4100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 248
        5⤵
        Program crash
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
      4⤵
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        5⤵
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        6⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 224
        6⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        5⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50066.exe
        5⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        5⤵
        
        PID:8072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 228
        5⤵
        
        PID:9048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6612
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 248
        5⤵
        
        PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
      4⤵
      PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32605.exe
      4⤵
      PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
      4⤵
      PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
      4⤵
      PID:8320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60628.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 224
        7⤵
        Program crash
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44515.exe
        6⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        7⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
        6⤵
        
        PID:4224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 248
        6⤵
        Program crash
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        6⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14043.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61768.exe
        7⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
        6⤵
        
        PID:4432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 220
        6⤵
        Program crash
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        5⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2310.exe
        6⤵
        
        PID:4568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 228
        6⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        5⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        5⤵
        
        PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52268.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31324.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
        7⤵
        
        PID:8836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        6⤵
        Program crash
        
        PID:4484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 248
        5⤵
        Program crash
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        5⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
        6⤵
        
        PID:936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 244
        6⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        5⤵
        
        PID:2560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 248
        5⤵
        
        PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
      4⤵
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35507.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        5⤵
        
        PID:5228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 220
        5⤵
        
        PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
      4⤵
      PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
      4⤵
      PID:9260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 244
        5⤵
        Program crash
        
        PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
      4⤵
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        5⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        6⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22389.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        6⤵
        
        PID:8256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 228
        6⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        5⤵
        
        PID:4460
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 248
        5⤵
        
        PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
      4⤵
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
        5⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        5⤵
        
        PID:7492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 244
        5⤵
        
        PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64515.exe
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
      4⤵
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
      4⤵
      PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
      4⤵
      PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6493.exe
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
      4⤵
      PID:8912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
      4⤵
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        5⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 228
        6⤵
        Program crash
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 220
        5⤵
        Program crash
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        6⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        6⤵
        
        PID:6780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 216
        6⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        5⤵
        
        PID:4116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        5⤵
        Program crash
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
      4⤵
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        5⤵
        
        PID:6412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 220
        5⤵
        
        PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 244
      4⤵
      Program crash
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
    3⤵
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
      4⤵
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        5⤵
        
        PID:4320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 248
        5⤵
        
        PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54784.exe
      4⤵
      PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21238.exe
      4⤵
      PID:6588
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 244
      4⤵
      PID:7904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
    3⤵
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
      4⤵
      PID:3932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 248
      4⤵
      PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
    3⤵
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
    3⤵
    PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
    3⤵
    PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
    3⤵
    PID:7424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
    3⤵
    PID:8932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25632.exe
    3⤵
    PID:9276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18231.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52237.exe
        8⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 224
        9⤵
        Program crash
        
        PID:3744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        8⤵
        Program crash
        
        PID:3164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        7⤵
        Program crash
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21065.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6726.exe
        8⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 244
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9860.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 244
        7⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
        7⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 228
        7⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        6⤵
        
        PID:4952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 244
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
        6⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 244
        7⤵
        Program crash
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        6⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        7⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 220
        7⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
        6⤵
        
        PID:5068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 228
        6⤵
        Program crash
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        7⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
        7⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        6⤵
        
        PID:4684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 244
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        5⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        5⤵
        
        PID:4868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 248
        5⤵
        
        PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
        5⤵
        Program crash
        
        PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10066.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        5⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        6⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
        7⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 248
        7⤵
        Program crash
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
        6⤵
        
        PID:3916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 244
        6⤵
        Program crash
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
        5⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        6⤵
        
        PID:3896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 228
        6⤵
        Program crash
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        5⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30812.exe
        5⤵
        
        PID:7528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 244
        5⤵
        
        PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        5⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38652.exe
        6⤵
        
        PID:5324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        6⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38448.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        5⤵
        
        PID:5988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 216
        5⤵
        
        PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
      4⤵
      PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65429.exe
        5⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        5⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30622.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        5⤵
        
        PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
      4⤵
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
      4⤵
      PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
      4⤵
      PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        6⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
        7⤵
        Program crash
        
        PID:3900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 248
        6⤵
        Program crash
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
        5⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        6⤵
        
        PID:3580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 228
        6⤵
        Program crash
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        5⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        5⤵
        
        PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        5⤵
        
        PID:2460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        6⤵
        Program crash
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
        6⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        6⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        6⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        5⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        5⤵
        
        PID:8056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 244
        5⤵
        
        PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
      4⤵
      PID:2920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 244
        5⤵
        Program crash
        
        PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31006.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        5⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
        5⤵
        
        PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40640.exe
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
      4⤵
      PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
      4⤵
      PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2933.exe
      4⤵
      PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
      4⤵
      PID:8920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32328.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
        5⤵
        
        PID:1480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
        6⤵
        Program crash
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44100.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
        5⤵
        
        PID:5040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 248
        5⤵
        
        PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        5⤵
        Program crash
        
        PID:3208
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 244
      4⤵
      Program crash
      PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
        5⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        6⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        7⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 228
        7⤵
        
        PID:9072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        6⤵
        Program crash
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-898.exe
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
        6⤵
        
        PID:6736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        6⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
        5⤵
        
        PID:4936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 248
        5⤵
        Program crash
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
      4⤵
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37043.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30251.exe
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        5⤵
        
        PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
      4⤵
      PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
      4⤵
      PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
      4⤵
      PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
      4⤵
      PID:8880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57302.exe
      4⤵
      PID:9232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe
    3⤵
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
      4⤵
      PID:1496
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 244
        5⤵
        Program crash
        
        PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3724
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 244
      4⤵
      Program crash
      PID:944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
    3⤵
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
      4⤵
      PID:4184
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 228
      4⤵
      PID:6072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
    3⤵
    PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3005.exe
    3⤵
    PID:6156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
    3⤵
    PID:7400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
    3⤵
    PID:8948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
    3⤵
    PID:9220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        5⤵
        Program crash
        
        PID:600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 224
        5⤵
        Program crash
        
        PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39423.exe
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8728
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
      4⤵
      Program crash
      PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        5⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        6⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
        7⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 244
        7⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44915.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
        6⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        5⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
        6⤵
        
        PID:7444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 248
        6⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        5⤵
        
        PID:4564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 228
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35792.exe
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        6⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        5⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
        5⤵
        
        PID:7796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 248
        5⤵
        
        PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
      4⤵
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
        5⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45470.exe
        5⤵
        
        PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
      4⤵
      PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
      4⤵
      PID:7984
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
      4⤵
      PID:8848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
      4⤵
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
        5⤵
        
        PID:4156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 220
        5⤵
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2299.exe
      4⤵
      PID:3496
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 224
      4⤵
      Program crash
      PID:4312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
    3⤵
    PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19201.exe
        5⤵
        
        PID:4708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
        5⤵
        
        PID:2860
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 228
      4⤵
      Program crash
      PID:3272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
    3⤵
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
      4⤵
      PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
      4⤵
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
      4⤵
      PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
      4⤵
      PID:8468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12296.exe
    3⤵
    PID:5084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
    3⤵
    PID:6296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
    3⤵
    PID:7468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
    3⤵
    PID:8924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
    3⤵
    PID:9284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        5⤵
        
        PID:2568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 224
        6⤵
        Program crash
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        6⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27575.exe
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        6⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        5⤵
        
        PID:4664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 248
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        5⤵
        
        PID:3644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 248
        5⤵
        Program crash
        
        PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
      4⤵
      PID:4380
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 224
      4⤵
      PID:6180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
      4⤵
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46487.exe
        5⤵
        
        PID:7772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 228
        5⤵
        
        PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
      4⤵
      PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54089.exe
      4⤵
      PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38119.exe
      4⤵
      PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
    3⤵
    PID:2924
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 244
      4⤵
      Program crash
      PID:3860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
    3⤵
    PID:5056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
    3⤵
    PID:7580
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 228
    3⤵
    PID:7924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
      4⤵
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37759.exe
        5⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        6⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        6⤵
        
        PID:8332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        6⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        5⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        5⤵
        
        PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        5⤵
        
        PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44691.exe
        5⤵
        
        PID:8680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      4⤵
      PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
      4⤵
      PID:7488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
      4⤵
      PID:8904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2108
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 244
      4⤵
      Program crash
      PID:3356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
    3⤵
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
      4⤵
      PID:6744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 224
      4⤵
      PID:7248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
    3⤵
    PID:5016
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 244
    3⤵
    - Program crash
    PID:5980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
    3⤵
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
      4⤵
      PID:3276
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
      4⤵
      Program crash
      PID:4144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
    3⤵
    PID:3184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
    3⤵
    PID:4256
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 248
    3⤵
    PID:6228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
  2⤵
  PID:1904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 224
    3⤵
    - Program crash
    PID:3084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
  2⤵
  PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
    3⤵
    PID:6420
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 228
    3⤵
    PID:7312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
  2⤵
  PID:4624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
  2⤵
  PID:6004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43117.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43117.exe
  2⤵
  PID:6856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
  2⤵
  PID:7656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe

Filesize
468KB

MD5
4fd74f51cc2bae9348c88ce778c7ad1e

SHA1
b18cca8f2070e133206eaa869105ee81009d3020

SHA256
080995daf1a737046a68f68974404c632df09f857e25a2f34b4d369ac8ebdcaf

SHA512
011f6e11fbe1124a4cf89ae8cc263cb1e694c277c2654090312fc12e4f94b92cd139aa2a735036501130df4497a996f156f7d1ddfefb6ac676df3730c328027d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe

Filesize
468KB

MD5
6d8f5831bb2cebc25545fe93ae5d0638

SHA1
f4b9389221ff0d7230038dd18a254c0c3818c40d

SHA256
7154aa9ce8b157ee5c6dde3db9fc580a343572912877bdc275c636f8aae50537

SHA512
570f5e8fd63a3b1168da25d703d8838016769eec43136c551c9eae5924453f3c3b7192c8d85a931a75ff7dcfa5bf03c60a75da62d7d559d4d4b559fa92320cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe

Filesize
468KB

MD5
6d2f5a849c0aa50ab15e05291d998187

SHA1
30077ec5b78a9f7b91e2f7e57d00f500a5ba7504

SHA256
0cc92068f2a51edcd5d0c632d8d4209ce051c2457bb16834f21b7eb3501adac1

SHA512
1475bdf0e22207b0ffb87391d39526d5569fbd6afb3d783f842cbd66766d43751e4945fe6d414f53973b32af22f705e33552c921c67156bd04a16e64b3350584

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe

Filesize
468KB

MD5
e0a74b48030119505135041deab562f5

SHA1
2b1cf7290dc3179cb4855dc67613773f696a92fb

SHA256
dd79a251494933353f96c5a5d387f89d54bf3d4bf0a558deb44c42e261ca6fd1

SHA512
0461f53ee549458b3e7bfa10d2456a3bdce0c4ce3d57b781a4cc86d660558190718bf5b71af66ee5096965aaa6c29b8c3c23d738d0e665397e3245f22165c6c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55085.exe

Filesize
468KB

MD5
88d8680a98e54c774b24fc38d4906518

SHA1
3d525e355f27075963f7d29dab089d09dd80a1c3

SHA256
3ce9e4d021f0b03c546ae69c58111df9e4c71e8790b75d59fb853b336d3f55d8

SHA512
95b4dee40d2e145f36f06ac8bc72891a59af98d72c66f800f4c6272e6000d26f73cc029db2af076177d9a77b1181bb07c4d52f9cf2911d95e40267af496d0c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe

Filesize
468KB

MD5
f007adfddf0f75884603b6103368ee75

SHA1
248f50057ae93308647c2bec72b6f8c4c49a93b8

SHA256
7f4cbf5e32228bb587d608edd84da4a0b2292b5c9199eb0f5d0d610a8ed7f510

SHA512
c64b7511d983f97ee1e0c2aadd7c2505db84a3d3bfb3c8f0c27b7923bad39c18ea8e9b158450e2611a33862c56b54665d72b922f2fc22e8d12a500224549212c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe

Filesize
468KB

MD5
63bdf80b5f7f04fc81917a19d626e52a

SHA1
34a209afd68be8d36e8d629868a58a152da20679

SHA256
d6a10c69e0004fc1b7505dc4c007ed14cbcc492a0bee322a9323a2d3f77eef4a

SHA512
79d38e8dc48d6aac6ea5dc53915622f67692fec6b7778597901b2ba0b86b5ded77e37e63e522abd893199deef651857a04d0c6fc6c3b545c220c493cd2c7d4db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe

Filesize
468KB

MD5
59b7e34b3a5d4ea1cb7fb0fd0fc82e86

SHA1
f286a1f52676b1f4aeb2538832cf3f9123267e81

SHA256
07f69ec485af7ce0ed96915877861f0f578791d8122d55cd1b98a23b5b12f585

SHA512
c8cadacba8f079b01ef58eec759010ecd3912dbffdab34ff151da7260c1647b5bfa31f7ffc8fa909475d7681697f623399923b2d4fbb63519422cd685c80e2dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe

Filesize
468KB

MD5
3aa7ecdafff0b75352778533fa5f4c18

SHA1
4cbf398fb29a1601927f0a2b2072b39be72b08d7

SHA256
453a3f3591b362689c3ce2423104a2943bc77821f459418fdb6a32232227dcae

SHA512
31eea6f58059f7754f69ad823e9aa369369546898994b28c110a4f5bdb4bee839fec9588531c8e7b3ac7c82c5b0b7819b26ebde2ad0ee753114b8b3199e53569

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe

Filesize
468KB

MD5
f44c4d8285da3a66540c33e42145b740

SHA1
b58b9c3c584d0a4751dea2ad7ac84f654104ec58

SHA256
60da29e22d815a65238e56fc2d08ff482a016b2828cc386b3cf99929f7dd9be6

SHA512
c4398e6adb12f81febe7a298d6c689aff35e2ca3fe07b88daa315561babcee6219b529dd42c597f51a6714e56afb18b9b160a2c24fe224833d9a4cfd918732b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe

Filesize
468KB

MD5
12a1d35690b14478d7565a6003bfe4a2

SHA1
c4199709dce66504c8a0dd500c0fe9cc9dedb415

SHA256
778efaaf0f96dd38dc5e2203baefdb4ca3a15dfa7620e2783af83a92ccb7deb5

SHA512
752c961736418dfc4f8f02037e22bcddef1c143c719d4576a1b806be6c91cb2dad45982feb5a379e1022e7c8498d196dbdf74a7a1594957c2f8df8687f1eb714

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe

Filesize
468KB

MD5
f28b12ba82e957e6d044239a8d04db4d

SHA1
e730aead8862c441b7684123f14b21f49fd193e2

SHA256
f33132b717e4f0b29341ca35232e98cf6d7f9ff52c72e4a55984e505418dc302

SHA512
66677c38d0ae61ee458d5e1a3f60e292b431cbe14e03d1d2ecc7a20df268c95a316ef1f5ddd6d922adb6d4709c2bbc4a7e7398936fc3e65c089db3a207a194fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe

Filesize
468KB

MD5
3f9caf80e739df58cc255e4f0600f075

SHA1
38d2a3dbbd8cccb6a5dd4c856a5affe493d8aa00

SHA256
d0f846878b24250781809c3ea7e5c34eb5b527aeafecd581a7f37490ca5255c0

SHA512
11303c2f63f9070a5791af418ec779fc61e1f45327dd1c3b529c32ac559c7551cf770b35c4b9b51cadac56dfaded18d1c0b3ae3b84ea5032db078aa49d9055bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe

Filesize
468KB

MD5
55a4cd0ea3cba48c722ca8e516ee15f6

SHA1
ecb5daf4cccc1bcba0fdd07233c2aabc20d228d5

SHA256
11df01069ef418d192b099d9dc5ea819243dc28914d64596dcd5365909a23dc5

SHA512
d3130c6ee7c6209c852bc10282111583e6e3a4fbd5e49cb9d0e5860146546959e2a7ef5bfd3426ec7bf5b14074a5f75cd649bab0f157fd7385cd6ea88ff52314

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe

Filesize
468KB

MD5
ba35803511d35e204adff4720e212782

SHA1
69d00764fb26289300cda39c1851dd5d14c7906d

SHA256
c76f6f15a9a0539ac6a09334e961bd16881e3cc17841f3309dc9d23f38303c81

SHA512
931f74279f24a94c3b2c20064226b25478a3c0a99876aeb7240a9cace16b06cb036fe126fdd9b2f2288a561e0be96066706f19b363a2aa7c49d70e472d86eb0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe

Filesize
468KB

MD5
9ce46b26f16bbc05767f8f33102f202f

SHA1
70d10c5ccfccba7ff242ad0b72af3b3a0b79db86

SHA256
bb8e935fb68be63e019c89f202a0a16c376834580a7cce42bdc7ae1258dff5af

SHA512
23d37d556b6c4c8ce0242308d4300e0c2d233e0ca240e96c327a6549826678d50f74a9c3c5c7f9125cb50e4ecb37b3f7410b5d0a2d9d229767139981cad5ce67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe

Filesize
468KB

MD5
d69cf1464e7f86f3c26e309bddd3498b

SHA1
2e65e1b0ae6a1a7bc4ed7535e79dbc9c14e653ba

SHA256
56c6cb141b715bfa9354a3b7ecae097dd6e1f7660799bc3bb5bed2f1c0d72097

SHA512
639a45d53c04bb341805507c1b7934a8d40ecc1f56bde09ffaaa8ce047b07fb769406e182f746a8c9b451d180a7f87676c7cea18fc1010ed19a24201faf99c13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe

Filesize
468KB

MD5
b8b282f1884b3630231a279dfd6f0f3d

SHA1
20436d43f0d033c5d95dacfd7024998c64843067

SHA256
fb90ec2b8e9882c6aae533ff5cd03c7d4c5952624dbfd6b91c61f43af8a45a97

SHA512
c42c8e474f47c52219a0059a810ef1912fe792b8cc2d652684e1fc6fd1b13c360ca701e0fbc58cb9a5e9f4a840e4e8a44f60971d3c96a8cb4c5c62aa0a4a2b8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5267.exe

Filesize
468KB

MD5
9ad05c24bf014f8cf68935bdd8778e93

SHA1
462e6c2d7fe2a2f1fbe1c6e1e5135c28ead49fca

SHA256
bfdd5006891b0ef3b5936bd146fd2804cbe87e06f1ac0a9b5b03a6c49b8d0978

SHA512
84b255dc34ce88750b5e8ddc0273bd3a136f8f4bdcc5223c408186157ad527b55bc7ed9723965ec619b72d73315817e216919035ad02f0062ff5d1a48bbc185a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe

Filesize
468KB

MD5
e4cb12032cb33b2aab1d704f8590e4f7

SHA1
640799082ad0005c225a1d4e95e744be97e6c5e9

SHA256
5f1afef8f4cf3d26a531b80945d4e104b74b1f060668dc606d72426f46e225ee

SHA512
4a6830a4aded361909bc1f1db21a0b01ea1e0a9b639a67d26c8846c5de4e1b0240bc3589109283969e8b5ec635eac4bd5d5c7106c5883b538b707dfdec48031d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe

Filesize
468KB

MD5
448c25d17bb4d4911a82bfb66e28fcf0

SHA1
9a736e67dacd1a4dcb5f61810322756d8acbd841

SHA256
b4a2ecc51ea00668de24cf4a3dc1f310f16cecc92dc1bf35d4fba394d1386934

SHA512
1f75e9e8307a559c72ef630a564b35f315a8a9c0ac1ebe346f94bd01fad04424334b52e5c9be11a472c0ad5b44195853cbd6e435f6ca02dd2d51cc156ab7f46f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe

Filesize
468KB

MD5
7f0cb22234d2c52f2c8d2aa89d57cef6

SHA1
81c52d0abbb022ff428238b668b6e20b1e44b7e2

SHA256
425634bc66bba73e721a89ec8ec792a122df477be6e4c78d3664bc4d444010ab

SHA512
92bf80892b55e63b1df0b5c29b72933be97e11f730f83ba1b033fcd945c9c77f548b31508bbd90426468582aecf9747b2eb58006a77529195c8358e3090b2f48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe

Filesize
468KB

MD5
fe539eb2d965a351c633703350e519bb

SHA1
632bba487967edb6d506ac742833efdcda76ec50

SHA256
0354108bf884113250ac276e0700ec5d7ebf697a7ed23ce1c71ee0b54b9a7bac

SHA512
2ea43c144b6056efe33f97b52b4d06984d0880db2db29218da79cdb53b7d74d9364cafe4dbf14cb8daf087702179001eabc55929909aacf38081cfe63b1100fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe

Filesize
468KB

MD5
55b1ed3d9a1bfd684b51149dcfe3cc56

SHA1
184eff06e51ea7d35afb557aa681d88517deb010

SHA256
8ff4a51c3e722bfa6bdd9dae159a774a3f591c0a7a43b58a6f1702713d289eac

SHA512
b9cd1af941f6bf774fe487e9fb30aa024c6035742e06e183adaa7fe8f5e72f47472ee96d0a17abf0df42c66bacc02442b083090fca84430713ffc979aba3511f

Download Submit